
Re: Renewing an SSL certificate in Advanced Security

From: mkb <mkb125_at_yahoo.com>
Date: Fri, 14 Dec 2007 13:39:22 -0800 (PST)
Message-ID: <334590.74139.qm@web58009.mail.re3.yahoo.com>


>>>>>>

----- Original Message ----
From: Jason Heinrich <jheinrichdba_at_gmail.com>
To: oracle-l <oracle-l_at_freelists.org>
Sent: Friday, December 14, 2007 12:38:22 PM
Subject: Renewing an SSL certificate in Advanced Security

I was wondering if there was a recommended method for renewing a certificate used to encrypt client/server database communications. I'm developing procedures for securing SQLNet and have successfully set up SSL, but the wallet does not seem to want to accept the new certificate. I've tried creating a new certificate request, and I've tried just exporting the old certificate request. In both cases when I try to import the new certificate using orapki it seems to work, but viewing the certificate using Wallet Manager shows that only the old certificate is still in the wallet.

My current thinking is that I'll need to recreate the whole wallet and copy it over the top of the old one. I was hoping someone had a better solution.

-- 
Jason Heinrich


<<<<<<<<

I'm not sure I quite follow.  I assume you generated a certificate request (something like this perhaps? orapki wallet add -wallet wallet_location -dn user_dn -keySize 512|1024|2048)

Then you exported the certificate request and got it signed from your CA, right?

You should have gotten back a root certificate from your CA and a signed user certificate.  The root cert would have been imported into the wallet with something like this:
orapki wallet add -wallet . -trusted_cert -cert cacert.pem

The signed user certificate would have been imported into the wallet using something like this:
orapki wallet add -wallet . -user_cert -cert newcert.pem

If you want to create a new signed user certificate, you will need to create a user certificate request, export the request and then submit it to the CA and get it signed.  Once it is signed, you only need to import the user signed certificate and not the root chain (assuming you got it signed from the same CA).  

I think I had some problems with the orapki utility when trying to import certs but when I used the GUI it seemed to work fine.  You might try using the GUI first (owm) and see if that solves the problem.

--
mohammed


You then created a certificate request




--
http://www.freelists.org/webpage/oracle-l
Received on Fri Dec 14 2007 - 15:39:22 CST
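
Added example, not part of the original thread: a pre-import check for the renewal procedure described in the reply, confirming with the openssl CLI that the certificate returned by the CA was issued for the request exported from the wallet, has not expired, and chains to the same CA certificate the wallet already trusts. The file names (request.pem, newcert.pem, cacert.pem) and the function name are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. File names are placeholders.
# Checks a certificate returned by the CA before it is imported into the wallet:
#   1. its public key is the one in the exported certificate request
#   2. it has not expired
#   3. it chains to the CA certificate the wallet already trusts
# Returns 0 if all checks pass, 1 on a failed check, 2 on unreadable input.
check_signed_cert() {   # check_signed_cert REQUEST.pem NEWCERT.pem CACERT.pem
    req=$1
    cert=$2
    ca=$3

    # Both commands print the public key in the same PEM form, so a string
    # comparison is enough to tell whether the CA signed this request.
    req_key=$(openssl req -in "$req" -noout -pubkey 2>/dev/null) || return 2
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    if [ "$req_key" != "$cert_key" ]; then
        echo "FAIL: certificate was not issued for this request (key mismatch)" >&2
        return 1
    fi

    # -checkend 0 exits non-zero if the certificate is already past notAfter.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has already expired" >&2
        return 1
    fi

    # Same-CA assumption from the procedure: the new certificate must verify
    # against the root certificate that was imported as a trusted cert.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate does not chain to $ca" >&2
        return 1
    fi

    echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Stand-alone use: sh check_cert.sh request.pem newcert.pem cacert.pem
if [ "$#" -eq 3 ]; then
    check_signed_cert "$@"
fi
```

Run it on the files before `orapki wallet add -wallet . -user_cert -cert newcert.pem`; a key mismatch means the certificate belongs to a different request than the one currently held in the wallet.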
